📦 Cyber Ir Playbook — Incident Response Playbook

v0.1.0

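Automatically generates incident response timelines and report packages from event logs, supports end-to-end tracking from detection through recovery with phase management, and outputs professional reports aimed at stakeholders.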

by @0x-professor (Muhammad Mazhar Saeed)
Last updated: 2026/2/26
Security scan
VirusTotal: Harmless
OpenClaw: Safe (high confidence)
The skill's code, instructions, and requirements are consistent with its stated purpose (building IR timelines and reports); it doesn't request credentials or perform network I/O.
Assessment recommendations
This skill appears coherent and low-risk: it converts user-supplied event JSON into timeline reports and ships with a small Python script and a phase guide. Before running, (1) review the script yourself (it's short and readable) and ensure you run it in a trusted environment with a Python 3 runtime, (2) only pass input files you trust (logs may contain sensitive data), and (3) specify an output path that won't overwrite important system or sensitive files. If you need networked or automated ing...
Detailed analysis
Purpose and capabilities
Name, description, and included files (reference guide and a Python report generator) align: the bundled script ingests event JSON and produces timeline reports. No unrelated binaries, env vars, or external services are requested.
Instruction scope
SKILL.md instructs running the included script and reading the provided phase guide; the script only reads a user-supplied input file (max 1 MiB) and writes an output artifact in the chosen format. Note: the script will write to whatever output path is supplied, so callers should avoid pointing it at sensitive system files or locations where overwriting is dangerous.
Install mechanism
No install spec — the skill is instruction + a small Python script. No remote downloads or package installs are declared, which keeps install risk low. Users need a Python runtime to execute the script.
Credential requirements
The skill requests no environment variables, credentials, or config paths. The script does not read environment variables or network endpoints; required data is provided via the input file argument.
Persistence and privileges
always is false and the skill does not attempt to persist configuration, modify other skills, or elevate privileges. It operates only on files passed to it.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest · v0.1.0 · 2026/2/26

Initial release of cyber-ir-playbook.
- Generates incident response timelines and phase-based reports from event logs.
- Classifies events into detection, containment, eradication, recovery, or post-incident phases.
- Produces ordered incident timelines and stakeholder-ready summaries.
- Includes scripts and guides for report generation and phase mapping.
- Emphasizes defensive incident handling; avoids offensive exploitation content.

Install commands

Official: npx clawhub@latest install cyber-ir-playbook
Mirror (accelerated): npx clawhub@latest install cyber-ir-playbook --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库